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Incorporating lAintoGLQBAL GUARDI  AM  - 

by  Mr.  Ward  Parker 


For  the  last  few  years,  United 
States  Strategic  Command  has 
incorporated  computer  network 
attack  (CNA)  scenarios  into  its 
annual  major  exercise  known 
as  GLOBAL  GUARDIAN.  The 
primary  purpose  of  including 
CNA  is  to  test  the  processes  we 
have  in  place  in  case  of  a  real 
attack  against  our  information 
infrastructure. 

During  the  first  couple  of 
exercises  we  kept  the  attacks 
simple.  They  were  designed  sole¬ 
ly  to  raise  the  awareness  of 
Command  members.  Although 
we  continue  to  employ  scenarios 
to  educate  users,  we  now  use 
sophisticated,  on-line  attacks  to 
test  the  security  posture  of  the 
Commands  systems  and  key 
personnel. 


The  attack  scenarios  for  our 
most  recent  exercise,  GLOBAL 
GUARDIAN,  were  developed 
months  prior  to  the  actual  start 
date  of  the  exercise.  The 
attacks  we  developed  focused 
on  affecting  the  decision  mak¬ 
ers  in  the  Command— the  pur¬ 
pose  of  information  operations. 
We  accomplished  this  by  con¬ 
centrating  our  efforts  on  how 
we  could  realistically  affect  the 
confidentiality,  integrity,  and 
availability  of  data;  however, 
one  of  the  rules  of  engagement 
was  not  to  modify  or  change 
any  data. 

We  worked  closely  with  our 
intelligence  personnel  to 
ensure  our  attacks  were  consis¬ 
tent  with  the  overall  scope  of 
the  exercise.  To  carry  out  the 


United  States  Strategic  Cwinmd 

attacks,  we  employed 
Command  “red  team”  members 
and  other  organizations  to  act 
as  enemy  agents.  Our  goal  was 
to  make  the  attacks  seamless,  in 
the  sense  that  they  were  all 
related  and  graduated  in  severi¬ 
ty.  The  attacks  ranged  from 
attempting  to  penetrate  the 
Command  from  the  Internet  to 
a  “bad”  insider  with  access  to  a 
key  command  and  control  sys¬ 
tem.  The  attackers  also  “war 
dialed”  our  phones  to  tie  up  the 
phones  and  sent  faxes  to 
numerous  fax  machines 
throughout  the  Command. 
Attackers  also  claimed  they  had 
the  ability  to  shut  down  our  sys¬ 
tems. 


Security  Tools  for  Network  Centric  Warfare 


The  news  media 
are  replete  with 
reports  of  attacks 
via  the  Internet 
on  networks 
and  computer 
systems  around 
the  world,  often 
specifically 
through  the 
increasingly  wide¬ 
spread  World  Wide 
Web  (WWW).  Although 
many  of  these  attacks  take 
advantage  of  well-known  secu¬ 
rity  flaws  and  vulnerabilities  in 
complex  operating  systems 
such  as  UNIX  and  Windows  NT, 
some  systems  continue  to  be 
infected  with  computer  viruses, 
which  can  seriously  disrupt  a 
company’s  business,  and  also 


disrupt  warfighting 
operations  and 
exercises. 
Although  the 
exact  origin  of 
many  viruses  is 
often  not 
known,  the  rea¬ 
son  for  the 
spread  of  the 
viruses  can  be  easi¬ 
ly  explained.  All  it 
takes  is  one  individual, 
with  one  corrupt  disk,  or  one 
corrupt  program  downloaded 
from  the  Internet,  and  the  virus 
is  inside  the  network.  Once 
inside,  if  the  virus  signatures  in 
the  network  antivirus  software 
are  not  up  to  date,  or  virus 
scans  are  not  performed  when 
programs  are  opened,  the  virus 


byLT  Reese  Zomar,  USN 
Navy  INFOSEC  Program  Office 

can  propagate  undetected  and 
uncontrolled. 

A  number  of  tactical  systems 
on-board  naval  vessels  were 
originally  designed  to  operate 
in  a  closed  environment;  how¬ 
ever,  with  the  end-to-end  world¬ 
wide  network  connectivity  that 
comes  with  network  centric 
warfare,  the  environment  is  no 
longer  closed.  Many  of  the 
best-known  and  most  common 
attacks  that  occur  on  the 
Internet  are  those  that  target 
information  integrity  by  cor¬ 
rupting  or  destroying  it,  usually 
by  using  agents  such  as  viruses. 
Another  common  class  of 
attack,  commonly  called  denial 
of  service  attacks,  seeks  to  deny 


IATAC 

is  a  DoD-Sponsored 
Information  Analysis 
Center  Administered  by  the 
Defense  Technical 
Information  Center  (DTIC). 


3R&D  Perspective: 
ARL  Primes  Army 
IA  Capability 


4 

5 


DIA IW  Course 

Industry 
Initiatives:  Is 
Your  Network 
Under  Attack? 


6  IA  Tools 
Summary: 
Vulnerability 
Analysis 


8 

9 

10 


IATAC  chat 


Calendar 


What’s  New 


Vol . 2  No . 2_ 

The  lANewsletter  is  pub¬ 
lished  quarterly  by  the 
Information  Assurance 
Technology  Analysis  Center 
(IATAC).  The  Summer ‘98 
issue  continues  the  focus 
on  current  information 
assurance  initiatives  under¬ 
way  within  the  Department 
of  Defense.  An  overview  of 
the  IA  Tools  Database  is 
provided  that  highlights  the 
current  collection  of  Vulner¬ 
ability  Analysis  Tools.  In 
addition,  two  new  sections 
have  been  added:  Industry 
Initiatives  and  R&D 
Perspective. 
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Security  Tools 
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use  of  the  system,  using  tech¬ 
niques  such  as  message  flood¬ 
ing.  Still  other  attacks,  such  as 
Internet  Protocol  (IP)  address 
spoofing,  focus  on  allowing  the 
attacker  to  masquerade  as  a 
valid  user  who  can  then  plant 
bogus  information  or  deny 
access.  It  is  well  known  that 
opening  a  “hostile”  Webpage 
(i.e.,  with  imbedded  code  oper¬ 
ating  in  the  background  that 
may  be  malicious),  can  lead  the 
innocent  user  into  a  scenario 
where  he/she  may  be  unknow¬ 
ingly  infecting  a  ship’s  warfight¬ 
ing  networks  and  computer  sys¬ 
tems  with  potentially  dangerous 
software  agents. 

As  the  Navy  embraces  the 
concept  of  network  centric  war¬ 
fare,  security  is  being  empha¬ 
sized  and  implemented  as  an 
integral  part  of  the  network 
infrastructure.  Using  secure 
protocols,  turning  off  unused 
services,  and  designing  applica¬ 
tions  that  periodically  incorpo¬ 
rate  operating  system  patches 
has  recently  become  standard 
practice.  The  Navy  Information 
Systems  Security  Program 
Office  at  the  Space  and  Naval 
Warfare  Systems  Command 
(SPAWAR),  has  developed  a 
Network  Information  Assurance 
Team  (NIAT)  that  has  been  inte¬ 
grated  into  an  existing  Battle 
Group  Systems  Integration  Test 
(BGSIT)  process.  Using  a  variety 
of  commercially  available  secu¬ 
rity  tools,  the  NIAT  examines 
the  afloat  security  posture  of  the 
various  integrated  shipboard 
networks  and  provides  ships 
with  the  means  to  combat 
threats  to  their  information  sys¬ 
tems. 

The  first  phase  of  a  typical 
NIAT  visit  includes  a  meeting 
with  the  ship’s  systems  adminis¬ 
trators  and  a  tour  of  the  comput¬ 
er  spaces,  both  classified  and 
unclassified.  During  the  meet¬ 
ing,  the  team  explains  that  its 
primary  job  is  security,  but  that 
it  is  also  willing  to  provide  net¬ 
work  technical  and  also  admin¬ 


istrative  support  where  needed. 

The  second  phase  is  a  net¬ 
work  scan  and  mapping  using 
tools  such  as  Strobe,  Ballista  and 
SATAN.  These  tools  provide  a 
network  overview  and  probe  for 
known  vulnerabilities.  More  and 
more  security  tools  are  available 
to  today’s  network  administra¬ 
tors,  and  the  NIAT  team  is 
always  willing  to  try  any  com¬ 
mercially  available  tools  that  are 
user  friendly  and  not  overly 
complex.  The  NIAT  has  begun 
providing  copies  of  the  security 
tools  (with  training)  to  ship¬ 
board  personnel  who  are 
responsible  for  operating  and 
maintaining  networks. 

Phase  3  concentrates  on  net¬ 
work  policy,  including  file  struc- 
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ture,  system  security  policy,  and 
password  policy.  The  NIAT  cur¬ 
rently  uses  the  Kane  Security 
Analyzer  to  scan  file  structure 
and  system  security  policy.  The 
main  tools  used  to  test  password 
policy  are  Pass  Crack  and  LOpht- 
crack. 

The  final  phase  of  the  visit  is 
a  recommendation  and  educa¬ 
tion  phase.  During  this  period, 
the  team  provides  its  security 
recommendations,  reviews  find¬ 
ings  of  the  scans,  discusses  best 
known  practices,  outlines  indus¬ 
try  solutions  and  holds  classes 
on  topics  such  as  Windows  NT 
administration,  Transmission 
Control  Protocol/Internet  Proto¬ 
col  (TCP/IP),  Domain  Naming 
System  (DNS) ,  and  router  access 
control  lists.  The  most  recent 
versions  of  antiviral  software  are 
always  provided.  One  of  the 
most  important  benefits  of  the 
NIAT  is  that  the  team  provides 


formal  feedback  to  system 
developers,  integrators,  and 
implementers,  helping  to 
ensure  that  future  releases  of 
the  warfighting  application  soft¬ 
ware  have  the  security  problems 
fixed. 

Over  the  past  5  months,  the 
NIAT  has  provided  systems  sup¬ 
port  to  the  USS  LINCOLN  (CVN- 
72)  and  USS  EISENHOWER 
(CVN-69)  Battle  Groups  (BG), 
and  the  USS  ESSEX  (LHD-2), 
USS  WASP  (LHD-1),  and  USS 
SAIPAN  (LHA-2)  Amphibious 
Readiness  Groups  (ARG) . 
Additionally,  the  team  has  pro¬ 
vided  valuable  training, 
antivirus,  and  configuration  sup¬ 
port  in  the  network  security 
arena  to  units  and  commands 
located  at  various  shore  sites. 
Because  of  the  high  quality  of 
assistance,  the  number  of 
requests  for  shipboard  (and 
ashore) ,  NIAT  assistance  is 
growing.  Captain  Dan  Galik, 
Program  Manager  for  Navy 
Information  Security  (INFOS- 
EC)  notes  that  “with  the  rapid 
advances  being  made  in  infor¬ 
mation  technology,  it  is  very  dif¬ 
ficult  to  provide  our  sailors  and 
other  Navy  personnel  with  the 
required  technical  training  to 
keep  pace  with  these  technical 
advances,  particularly  in  the 
area  of  network  security.  Our 
sailors  need  hands-on  expert 
technical  help,  and  that’s  one  of 
the  key  benefits  that  NIAT  is 
providing.”  In  its  relatively  short 
existence,  the  NIAT  program  has 
been  recognized  throughout  the 
fleet  for  security  excellence. 


Lieutenant  Zomar  has  a  B.S.  in 
Aerospace  Engineering  and  a  B.S.  In 
Applied  Mathematics  from  University 
of  Colorado.  He  received  his  M.S  in 
Electrical  Engineering  from 
Rensselaer  Polytechnic  Institute.  LT 
Zomar  reported  aboard  SPAWAR  in 
August:  of  1997  after  serving  in  the  S~3 
Viking  community.  He  may  he 
machec!  at  619-521-7310  or  via  email: 
mmarr@spawar.navy, mil. 
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ARL  Primes  Army. 


The  Army  Research  Lab  (ARL) 
seeks  ways  to  reduce  the  risks 
associated  with  future  digitized 
land  warfare  by  executing  funda¬ 
mental  research  and  analysis 
leading  to  development  of  new 
information  assurance  (IA)  tech¬ 
nology.  ARL  pursues  this  objec¬ 
tive  by  analyzing  the  Army 
Warfighter  Experiments  (AWE) ,  a 
series  of  coordinated  events  that 
will  determine  the  right  blend  of 
technology  for  the  first  digitized 
division  and  corps);  by  gaining 
practical  experience  in  computer 
incident  response;  and  by  execut¬ 
ing  its  research  programs  that 
help  to  develop  the  operational 
concepts  of  the  Army  After  Next, 
(AAN)  the  overarching  vision  for 
the  future  Army. 

Achieving  AAN  vision  places 
unprecedented  reliance  on  infor¬ 
mation  and  the  technology  that 
supports  its  processing  and  distri¬ 
bution.  The  Army's  concern  for 
IA  stems  from  its  understanding 
of  the  potential  consequences  of 
failed  or  corrupted  access  to 
information  (i.e.,  ultimately  the 
loss  of  lives).  ARL  has  been 
involved  with  the  development  of 
information  technology  since  the 
earliest  days  of  modern  comput¬ 
ing  machines.  ARL's  predecessor 
laboratories  pioneered  digital 
computing,  creating  ENIAC,  one 
of  the  first  functional  digital  com¬ 
puters.  ARL  currently  operates 
the  DoD's  Major  Shared  Resource 
Center  (MSRC)  for  classified 
information,  as  well  as  the 
Army's  High-Performance  Com¬ 
puting  Research  Center.  This 
experience  and  resources  unique¬ 
ly  qualify  ARL  to  conduct  basic 
and  applied  IA  research  at  the 
forefront  of  the  era  of  digitized 
warfare,  an  era  that  places  new 
value  on  information  and  its 
assured  distribution. 

The  AWE  series  reveals  signifi¬ 
cant  challenges  for  battlefield 
information  assurance.  In  collab¬ 
oration  with  the  Army  Digit!- 


Information  Assurance  Capability 


by  LTC  Paul  Walczak 
Army  Research  Laboratory 


zation  Office  (ADO),  ARL  pro¬ 
vides  analysis  to  identify  and 
characterize  vulnerabilities  in 
command  and  control  (C2)  sys¬ 
tems  for  the  First  Digitized 
Division/Corps  (FDD/C).  The 
fundamental  technical  capability 
that  distinguishes  the  FDD/C  is 
the  Tactical  Internet  (TI).  The  TI 
is  a  complex  adaptation  of  the 
protocols  used  on  the  public 
Internet,  shared  across  new  fami¬ 
lies  of  automated  battlefield  infor¬ 
mation  processing  systems.  ARL 
i  n  ve  s  t  i  - 


incident  detection  and  response 
through  its  computer  security 
incident  response  lab,  operated 
by  the  Computer  Security 
Incident  Response  Team  (CSIRT). 
Led  by  Angelo  Bencivenga,  the 
CSIRT  oversees  6,000  nodes  that 
comprise  common  commercial 
hardware  and  software  compo¬ 
nents  located  at  several  sites  in 
the  continental  United  States. 
Through  its  monitoring,  intrusion 
detection,  and  analytic  activities, 
CSIRT  pumps  fresh  data  into 
ARL's  corporate  repository. 


and  military  interest  in  the  public 
Internet  (MILNET).  These  poten¬ 
tial  problems  can  be  examined 
using  a  coordinated  approach 
that  produces  dual-use  solutions. 
One  of  ARL's  unique  capabilities 
lies  in  having  an  analytic  element 
within  its  organization  focused  on 
the  survivability  of  the  TI  (as 
described  above),  and  another 
operating  to  protect  ARL's  own 
MILNET-based  computer  net¬ 
work  operations.  ARL  has  gained 
practical  knowledge  in  MILNET 


and  filtered  network  traffic  data, 
which  is  made  available  to  ARL- 
directed  research  projects.  The 
CSIRT  has  been  recognized  for 
success  in  developing  organiza¬ 
tional  procedure  and  in  refining 
off-the-shelf  assurance  tools, 
extending  their  functionality  and 
performance  while  reducing  the 
number  of  false  alarms. 

Analyses  of  both  the  digital  tac¬ 
tical  network  and  the  MILNET 
provide  a  well-grounded  basis  for 
ARL's  IA  research  program. 
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DIA  Information  Warfare  Course . . 


The  Introduction  to  Inform¬ 
ation  Operations  course  taught  at 
the  Defense  Intelligence  Agency 
(DIA)  offers  intelligence  profes¬ 
sionals  a  current  picture  of  what 
is  happening  in  the  Department 
of  Defense  (DoD)  in  Information 
Operations  (10)  A  ticket  to  this 
course  is  a  must  for  the  well- 
rounded,  well-educated  informa¬ 
tion  specialist  in  DoD. 

Mr.  Douglas  Dearth,  who 
teaches  and  facilitates  the  class 
at  the  Joint  Military  Intelligence 
Training  Center  (JMITC),  draws 
a  veiy  diverse  cross-section  of 
civilian  government  and  military 
personnel  into  the  classroom, 
which  offers  the  attendees  a 
chance  to  network  with  their 
peers  in  other  government 
organizations.  The  real  “missing 
piece”  of  information  that  the 
attendee  gains  from  attending 
this  course  is  the  intelligence 
slant  of  10  today  and  especially, 


a  chance  to  talk  with  some  of  our 
allies  in  a  special  briefing  and 
open  exchange  session.  This 
course  helps  the  student  think 
from  the  current  global  perspec¬ 
tive. 

This  course  provides  a  nonat- 
tributional  forum  where  briefin¬ 
gs  and  discussions  are  held  at 
various  levels  of  classification. 
Students  are  required  to  have  a 
Top  Secret  level  clearance  to 
attend,  which  allows  for  specific 
and  timely  information  to  be  pre¬ 
sented,  candid  discussions, 
observations  and  an  open 
exchange  of  ideas  from  the 
diverse  audience.  Students  have 
time  during  the  week  to  reflect 
on  what  they  are  being  taught 
and  plan  how  to  apply  that  infor¬ 
mation  to  aid  their  own  organiza¬ 
tions.  This  course,  along  with  the 
Information  Operations, 

Warfare,  and  Strategy  course 
offered  by  NDU,  is  needed  for 


\ 

by  Ms.  Joan  Putman  ) 

Program  Analyst,  DoD  I  AC  Programs  / 

the  whole  DoD  overview  of 
Information  Operations.  A  great 
amount  of  valuable  printed 
material  from  some  of  the 
briefers  supplements  the  contin¬ 
ual  flow  of  seminar-like  briefings 
that  the  students  attend. 
Supplemental  reading  is  recom¬ 
mended  and  additional  materials 
are  generously  provided. 

This  enlightening  5-day 
course  is  offered  only  threetimes 
a  year,  and  is  generally  open  to 
Infowarriors,  at  the  GS-11  and 
above,  civilian  level;  and  cap¬ 
tains  through  colonels,  military 
level.  The  course  usually  accom¬ 
modates  a  group  of  about  35  for 
each  class  offering. 

Mr.  Dearth  is  the  point  of  con¬ 
tact.  If  you  want  to  attend,  call 
(202)  231-3290  /DSN  428-3290  or 
email  dhdearth@aol.com.  If 
accepted,  you  may  be  placed  on 
a  waiting  list,  but  this  course  is 
worth  waiting  for. 
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GLOBAL  GUARDIAN 
provided  us  the  oppor¬ 
tunity  to  test  our 
newly-deve  loped 
Information  Operations 
Conditions,  more  com¬ 
monly  known  as 
INFOCONs.  Our  INFO-CONs 
serve  as  a  notification  mecha¬ 
nism  to  warn  the  Com-mand  of 
possible  increasing  threats  to  our 
information  infrastructure.  Once 
the  attack  was  identified,  we 
wanted  to  assess  how  fast  the 
Command  could  respond  by 
changing  the  INFOCON.  As  the 
exercise  progressed,  INFOCON 
levels  changed  several  times,  giv¬ 
ing  us  the  opportunity  to  assess 
the  effectiveness  of  the  INFO¬ 
CON  concept. 

We  were  extremely  pleased 
with  how  rapidly  the  Command 
raised  INFOCON  levels.  Proper 
procedures  and  training  allowed 


the  Command  to  quick¬ 
ly  raise  the  INFOCON 
levels  to  the  appropri¬ 
ate  level  of  threat. 
The  Command  is  now 
in  the  process  of  dis¬ 
seminating  the  INFO¬ 
CON  system  to  our  task 
forces  for  implementation. 

We  were  also  impressed  with 
the  response  of  our  “front-line” 
defenders— our  system  adminis¬ 
trators,  who  were  extremely  vig¬ 
ilant  in  monitoring  computer 
audit  logs  and  other  anomalies 
that  might  signify  an  ongoing 
attack.  Our  computer  emer¬ 
gency  response  team  was  also 
instrumental  in  identifying  the 
attacks,  reporting  them  up  the 
chain  of  command,  and  making 
recommendations  to  limit  the 
“damage”  of  the  attack.  Senior- 
level  leadership  was  also  very 
supportive  of  our  activities, 


understanding  that  timely, 
accurate  information  is  vital  to 
accomplishing  the  mission. 

GLOBAL  GUARDIAN  has 
provided  us  with  a  venue  for 
measuring  the  effectiveness  of 
the  Command’s  information 
assurance  posture  during  times 
of  heightened  danger,  allowing 
us  to  emphasize  the  threat  of 
computer  network  attack  to  the 
warfighter.  We  plan  to  increase 
the  level  of  CNA  in  future 
GLOBAL  GUARDIAN  exercises 
to  imitate  as  closely  as  possible 
the  technical  capabilities  of  a 
hostile  source. 

Ward  Parker, . 
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Is  Your  Network  Under  Attack? 


by  Steve  Jackson 
AXENT  Technologies ,  Inc . 


Your  data  is  vulnerable,  but 
how  vulnerable?  What  is  the 
risk  to  your  data  from  internal 
or  external  attacks?  You  need  to 
think  like  the  enemy  to  truly 
understand  the  security  issues 
associated  with  your  data.  Your 
network  is  extremely  complex- 
data  exists  on  the  wire  and  on 
every  node.  In  a  system  with 
vulnerabilities,  prying  eyes  can 
capture  data  easily.  Under¬ 
standing  the  vulnerabilities 
within  your  network  is  the  first 
step  to  securing  your  data. 

AXENT  Technologies,  Inc., 
recently  introduced  a  new  secu¬ 
rity  tool  to  help  address  these 
issues.  This  tool,  NetRecon,  is  a 
third-generation  vulnerability 
scanner.  It  uses  a  technology 
called  UltraScan  to  find  vulnera¬ 
bilities  in  an  entire  network. 
Unlike  all  other  scanners  that 
locate  vulnerabilities  on  each 
system  in  isolation,  NetRecon 
uses  vulnerabilities  from  one  or 
more  systems  to  find  additional 
vulnerabilities  on  the  rest  of  the 
systems.  With  this  technology, 
NetRecon  can  prove  that  your 
network  is  "only  as  secure  as  the 
weakest  system  in  the  network.” 

Working  as  a  “Tiger  Team,” 
NetRecon  starts  by  scanning  in 
parallel  for  vulnerabilities  on  all 
systems.  As  data  from  the  sys¬ 
tems  are  retrieved,  other  scans 


AXENT® 

are  initiated  by  coupling  the 
data  retrieved  and  using  that  as 
input  to  the  systems  found.  A 
“Tiger  Team”  takes  the  informa¬ 
tion  gathered,  couples  it,  and 
uses  the  resulting  data  to  attack 
all  systems  discovered.  As 
shown  in  the  figure  below, 
NetRecon  finds  login  vulnerabil¬ 
ities  on  one  system,  password 
files  on  a  second  system,  and 
File  Transfer  Protocol  (FTP) 
services  from  yet  another. 
Those  vulnerabilities  are  duly 
noted  and  then  NetRecon  scans 
at  the  next  level.  Using 
UltraScan,  NetRecon  couples 
these  three  separate  vulnerabili¬ 
ties,  builds  a  new  set  of  objec¬ 
tives,  and  attacks  all  systems 
discovered.  With  this  technolo¬ 
gy  NetRecon  can  find  vulnera¬ 
bilities  on  systems  previously 
thought  to  be  highly  secure. 
UltraScan  builds  and  rebuilds 
the  attack  objectives  every  time 
data  from  multiple  systems  can 
analytically  be  coupled  for 
future  attacks. 

NetRecon  provides  immedi¬ 


ate  feedback  to  the  user  inter¬ 
face  on  vulnerabilities  found. 
Within  seconds  of  starting  a 
scan,  results  are  displayed 
graphically  as  well  as  in  text  for¬ 
mat  for  immediate  viewing  and 
manipulation.  Hypertext  Mark¬ 
up  Language  (HTML)  page 
entries  are  built  for  each  vulner¬ 
ability  found,  with  hot  links  to 
locations  providing  solutions  for 
those  vulnerabilities.  These 
solutions  provide  a  point  and 
click  method  to  correct  the  vul¬ 
nerabilities  within  the  network. 
Unlike  other  scanners  that  oper¬ 
ate  only  on  the  Internet  Protocol 
(IP),  NetRecon  scans  multiple 
protocols  (IP,  IPX,  SPX,  and 
Windows  Networking) . 

NetRecon  makes  it  possible  to 
determine  nodes,  names,  crack¬ 
ing  passwords;  find  services 
(such  as  telnet,  login,  http,  NIS, 
and  smtp)  running  on  UNIX,  NT 
and  other  platforms;  exploit  and 
attack  those  services;  and  get 
through  the  barriers  currently  in 
place.  This  process  informs 
management  of  the  potential 
threats  and  provides  solutions  to 
those  threats. 

NetRecon  not  only  provides 
UltraScan  results  across  multiple 
protocols  in  an  easy-to-read 
HTML  report,  but  those  results 
are  displayed  immediately  for 
quick  feedback  when  running 
NetRecon.  NetRecon  offers  secu¬ 
rity  solutions  to  secure  your  data 
and  to  assist  your  organization 
by  providing  a  better  under¬ 
standing  of  how  a  hacker  could 
break  through  security  barriers 
currently  in  place. 

For  more  information,  con¬ 
tact  AXENT  Technologies,  Inc., 
at  1 -888-4 4-AXENT  or  on-line  at 
http://www.axent.com. 

Steve  Jackson  received  his  B.S.  in 
Computer  Science  from  Brigham 
Young  University  in  J9S2 .  He  is  the 
OmniCuard/Enterprise  Security 
Manager  (ESM)  Product  Manager  for 
AXENT  Technologies,  Inc 
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The IATAC 
Information 
Assurance  Tools 
Database  hosts 
information  on 
intrustion  detec¬ 
tion,  vulnerabil¬ 
ity  analysis, 
firewalls  and 
antivirus  applia- 
tions.  A  brief 
summary  of 
Vulnerabilility 
Analysis  Tools 
is  provided  on 
these  two 
pages.  For 
more  informa¬ 
tion,  see  the 
IATAC  Product 
Order  Form  on 
page  1 1 . 


Title 

Attributes 

Ballista 

comprehensive 
vulnerability  analysis 

CheckXusers 

simple  vulnerability 
analysis 

Chkacct 

simple  vulnerability 
analysis 

CONNECT 

simple  vulnerability 
analysis 

COPS  comprehensive 

(Computer  vulnerability  analysis 

Oracle  and  Password  System) 

CPM  (Check 
Promiscuous 
Mode) 

simple  vulnerability 
analysis 

Crack 

password  cracker 

DOC  simple  vulnerability 

(Domain  analysis 

Obscenity  Control) 

DumpAcI  simple  vulnerability 
analysis 


ESPRIT  risk  analysis 

(Expert  System 
for  Progressive  Risk 

Identification  Techniques) 

ICE-PICK 

comprehensive 
vulnerability  analysis 

IdentTCPscan 

simple  vulnerability 
analysis 

Internet 

Scanner 

comprehensive 
vulnerability  analysis 

KSA 

(Kane 

Security 

Analyst) 

misuse  detection, 
system  monitoring, 
comprehensive 
vulnerability  analysis 

LOPHTCrack 

password  cracker 

Netective 

simple  vulnerability 
analysis 

NetRecon 

comprehensive 
vulnerability  analysis 

Description 

Network  security  auditing  tool  used  to  discover  weaknesses  in  networked 
environments. 

Identifies  users  logged  onto  the  current  machine  from  insecure  X  servers. 

Designed  to  check  the  settings  and  security  of  the  current  user's  account. 

This  /bin/sh  shell  script  scans  a  range  of  Internet  Protocol  (IP) 
addresses  for  machines  that  offer  the  Trivial  File  Transfer  Protocol 
(TFTP)  service.  . ,.i:  w 

COPS  is  a  security  toolkit  that  examines  a  system  for  a  number  of 
known  weaknesses  and  alerts  the  system  administrator  to  them. 

CPM  checks  whether  any  network  interface  on  a  host  is  in 
promiscuous  mode. 

Password-cracking  program  with  a  configuration  language  that  allows 
the  user  to  program  the  types  of  guesses  attempted. 

DOC  diagnoses  misconfigured  domains  by  sending  queries  to  the 
appropriate  domain  name  system  (DNS)  nameservers  and  performing 
simple  analysis  on  the  responses. 

DumpAcI  dumps  the  permissions  and  audit  settings  for  the  Windows  NT 
files  system,  registry,  user/group  information,  and  printers  in  a  concise, 
readable,  listbox  format  so  the  user  can  identify  readily  apparent  security 
vulnerabilities. 

Risk  analysis  and  risk  management  tool  that  provides  a  detailed  analysis 
of  an  information  system  in  terms  of  assets,  threats  to  assets,  vulnerabil¬ 
ities,  and  countermeasure  recommendations. 

Automated  security  tool  used  to  evaluate  the  vulnerabilities  of  network- 
based  systems  that  use  TCP/IP. 

Scans  remote  hosts  for  active  Transmission  Control  Protocol 
(TCP)  services. 

Performs  scheduled  and  selective  probes  of  network  communication 
services,  operating  systems,  key  applications,  and  routers  in  search  of 
common  vulnerabilities  that  open  the  network  to  attack. 

KSA  assesses  the  security  status  of  a  Novell  and  Windows  NT  network 
and  generates  reports  in  six  areas:  password  strength,  access  control, 
user  account  restrictions,  system  monitoring,  data  integrity,  and 
data  confidentiality. 

Comprehensive  password  cracker  for  Windows  NT  system  and  local 
area  network  (LAN)  manager  passwords. 

Identifies  security  vulnerabilities  at  both  the  operating  system  level  and 
the  network  level.  Netective  validates  the  system  using  MD5  checksums 
and  other  security  checks  on  system  files,  operating  system  patches,  file 
permissions,  and  system  passwords. 

Runs  on  a  Windows  NT  workstation  and  probes  networks  and  network 
resources.  NetRecon's  UltraScan  technique  allows  it  to  immediately  dis 
play  vulnerabilities  as  they’re  detected  &  quickly  perform  deeper  probes. 
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Title 

Attributes 

NetSonar 

comprehensive 
vulnerability  analysis 

NSS 

comprehensive 

(Network 

vulnerability  analysis 

Security  Scanner) 

Nfsbug 

simple  vulnerability 
analysis 

Omniguard/ 

comprehensive 

ESM 

vulnerability  analysis 

Perl  Cops 

comprehensive 
vulnerability  analysis 

PINGWARE 

comprehensive 
vulnerability  analysis 

RiskWatch  v7.1 

risk  analysis 

SATAN 

comprehensive 

(Security 
Analysis  Tool  for 

vulnerability  analysis 

Auditing  Networks) 

Secure  Sun 

simple  vulnerability 
analysis 

Snoopy  Tools 

comprehensive 
vulnerability  analysis 

SPI-NET 

comprehensive 
vulnerability  analysis 

Strobe 

vulnerability  anlaysis 

System 

comprehensive 

Security 

Scanner 

vulnerability  analysis 

Tiger 

comprehensive 
vulnerability  analysis 

ToneLoc 

war  dialers 

Trident 

Information 

risk  analysis 

Protection  Toolbox 

VISART 

risk  analysis 

(Value  of  Information 
Structured  Analysis 
Risk  Tool) 

Xscan  simple  vulnerability 

analysis 


Description 

Using  NetSonar  from  a  central  console,  the  user  can  assess  the  security 
state  of  an  enterprise's  entire  network,  track  historical  vulnerability  trends, 
and  create  reports  of  potential  security  risks. 

Scan  individual  remote  hosts  and  entire  subnets  of  hosts  for  various 
simple  network  security  problems.  The  majority  of  the  tests  can  be 
performed  by  any  nonprivileged  user  on  a  typical  UNIX  machine. 

Nfsbug  checks  for  a  variety  of  configuration  errors  in  NFS, 
mountd,  and  portmapper  daemons. 

Platform-independent  security  management  tool  that  enables  the  user 
to  manage  and  evaluate  diverse  systems  according  to  unique, 
customizable  security  policies. 

Security  toolkit  that  examines  a  system  for  a  number  of  known 
weaknesses  &  alerts  system  administrator  to  them. 

PINGWARE  systematically  scans  and  tests  all  the  systems  on  a  TCP/IP 
based  network  from  a  single  workstation. 

Conducts  automated  risk  analysis  and  vulnerability  assessments  of 
information  systems,  including  data  centers,  application  programs, 
facilities,  networks,  and  field  offices. 

SATAN  scans  systems  connected  to  the  network  noting  the 
existence  of  well-known,  often-exploited  vulnerabilities. 


This  program  checks  for  14  common  SunOS  configuration 
security  vulnerabilities. 

A  suite  of  programs  that  determine  what  network  services  are 
running  under  TCP/IP  and  attempt  to  exploit  bugs  in  those  services. 

Supports  multihost  system  security  inspections  managed  from  a 
designated  "command  host."  These  inspections  include  access  control 
testing,  system  file  authentication,  file  system  change  detection,  pass 
word  testing,  and  common  system  vulnerability  checks. 

Network  security  tool  that  locates  and  describes  all  listening  tcp  ports  on 
a  (remote)  host  or  on  many  hosts. 

Assesses  operating  system  configuration,  file  permissions  and  ownership, 
network  devices,  account  setups,  program  authenticity,  and  common 
user-related  security  issues  such  as  guessable  passwords. 

Used  to  check  for  security  problems  on  a  UNIX  system;  it  scans  system 
configuration  files,  file  systems,  and  user  configuration  files  for  possible 
security  problems  and  reports  them. 

Scans  a  block  of  telephone  numbers  for  active  dial-up  services. 

Trident's  Toolbox  is  a  set  of  three  complementary  tools  that  assist  in 
protecting  critical  information  assets. 


(Under  development)  This  tool  allows  the  user  to  analyze  systems,  their 
vulnerabilities,  and  possible  threats,  and  quantify  what  types  of  counter¬ 
measures  are  justifiable  in  terms  of  cost. 


This  utility  scans  a  host,  or  a  range  of  hosts,  for  unprotected  X  displays. 
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Support jdLUsec  Inquiries 


by  Mr.  Robert  P.  Thompson 
Director,  IATAC 


IATAC  offers  the  DoD  a  quick 
response  capability  for  IA  techni¬ 
cal  inquir-ies.  User  inquiries  vary 
in  nature,  from  Td  like  to 
receive  a  copy  of  the 
Vulnerability  Analysis  Report”  to 
more  complex  requests  such  as 
“how  do  you  develop  secure  code 
for  web  pages”  Inquiries  are 
received  via  the  IATAC  home 
page,  e-mail,  telephone,  verbally 
at  meetings,  and/or  tasking  from 
the  IAC  Program  Manage-ment 
Office  (IAC  PMO).  For  IATAC  to 
process  the  inquiry,  the 
requestor  must  be  a  registered 
DTIC  user  (ref  http:// 
www.dtic.mil/dtic/regprocess.ht 
ml).  Inquiries  fall  into  4  cate¬ 
gories. 

Basic:  requests  for  informa¬ 
tion  requiring  8  technical  hours 


Another  basic  component  is  up- 
to-date  knowledge  of  research 
conducted  in  academia,  other 
government  agencies,  and  com¬ 
mercial  activities  (especially 
DARPA,  the  other  service  basic 
research  labs,  and  ARL's  collabo¬ 
rating  partners).  ARL  strives  to 
leverage  progress  made  else¬ 
where  and  eliminate  duplication 
of  effort  by  identifying  common 
areas  of  interest  and  opportuni¬ 
ties  for  collaboration.  Its  objec¬ 
tive  is  to  identify  IA  research 
needs  bearing  on  land  warfare  or 
the  institutional  Army  that  are 
not  being  met  through  external 
programs.  These  land  warfare 
digitization  challenges  are  gener¬ 
ally  related  to  assured  informa¬ 
tion  services  for  highly  mobile 
ground  combat  in  theaters  of 
operation  that  are  likely  to  be 
composed  of  coalition  forces. 

ARL’s  approach  to  IA  orients 
the  lab's  traditional  areas  of 
expertise  to  address  relevant  IA 
problems.  This  approach  directs 
ARL’s  scientific  capabilities  (i.e., 
information  technology,  human 


or  less  to  complete.  Funded 
through  existing  IATAC  opera¬ 
tions. 

Extended:  requests  for  infor¬ 
mation  requiring  8-24  technical 
hours  to  complete.  Funded  on  a 
cost  recovery  basis. 

Search  &  Summary:  consists 
of,  but  not  limited  to,  a  literature 
search  and  printout  of  relevant 
abstracts  to  include  reviewing 
the  abstracts  and  identifying  the 
most  pertinent  information  and 
requiring  24-  40  technical  hours 
to  complete. 

Review  &  Analysis:  addi¬ 
tional  to  extended  and  search  & 
summary  efforts,  support  con¬ 
sists  of  direct  consultation  with 
staff  and/or  consulting  subject- 
matter  experts,  a  brief  paper  syn¬ 
thesizing  the  results  of  the  tech- 


continued  from  page  3 

factors,  and  electromagnetic 
effects)  to  IA  needs  that  are 
defined  not  only  by  the  technical 
environment  but  equally  by 
operational  doctrine  and  future 
warfighting  concepts.  The  prob¬ 
lem  domain  consists  of  chal¬ 
lenges  that  impede  fulfillment  of 
the  Army’s  near-term  (i.e.,  to 
2010)  digitization  objectives  as 
well  as  those  for  the  AAN.  End- 
users,  testers  and  evaluators,  ARL 
analysts,  industry  consultants, 
and  developers  of  future  doctrine 
and  force  structure  identify  these 
"challenges,”  which  ARL  assimi¬ 
lates  as  input  to  its  program  of  IA 
research.  Major  ARL  thrusts  bear¬ 
ing  on  IA  problems  include: 

*  Developing  advanced  tactical 
telecommunications  protocols 

*  Applying  intelligent  software 
agents  to  assure  information 
systems 

*  Researching  human  factors  to 
understand  how  Army  organi¬ 
zations  value,  consume,  and 
protect  information 

*  Investigating  “survivable  sys¬ 
tems”  principles  to  create  new 


nical  review,  complete  copies  of 
references  and  the  requisite 
materials  for  access  to  databases, 
if  necessary  and  requiring  40-80 
technical  hours  to  complete. 
Inquiries  exceeding  80  hours  of 
support  are  accomplished 
through  a  technical  area  task. 

Results  of  technical  inquiries 
are  provided  back  to  the 
requestor  and  are  entered  into 
the  IATAC  IA  scientific  and  tech¬ 
nical  information  (STI)  collec¬ 
tion,  which  functions  as  a  pri¬ 
mary  resource  for  the  processing 
of  future  technical  inquiries. 
The  collection,  coupled  with  the 
broad  range  of  technical  expert¬ 
ise  available,  allows  IATAC  to 
quickly  respond  to  both  routine 
and  high  priority  technical 
inquiries. 


high-level  architectures  and 
elevate  the  practice  of  hard¬ 
ware  and  software  engineer¬ 
ing. 

Analysis  supporting  the  AWE, 
coupled  with  CSIRT  experience, 
gives  ARL  insight  into  tactical 
and  sustaining-base  IA  issues  fac¬ 
ing  the  digitized  land  force  of  the 
future.  This  insight  produces  an 
approach,  tempered  both  in  prac¬ 
tice  and  theory,  that  focuses 
ARL’s  scientific  expertise  on  IA 
problems.  To  assist  in  solving 
these  problems,  ARL  is  building 
an  IA  knowledge  base  that  will 
lead  to  improvements  in  Army 
IA  capability,  reducing  the  risks 
to  land  operations  while  con¬ 
tributing  to  progress  in  national 
information  infrastructure  pro¬ 
tection. 

LJ'C  Walczak  is  Program  Manager 
for  Information  Assurance  Research  at 
the  Army  Research  Lab.  He  is  a  mem¬ 
ber  of  the  Army  Acquisition  Corps  and 
is  a  certified  computing  professional 
(CCP). 


Vol.  2,  No.  7  —  Summer  1998 


AUG 

17-21 


SEP 

9-10 


SEP 

22-24 


IET21  —  Leveraging  Intelligent 
and  Emerging  Technology  to 
Support  21st  Century  Leaders 
Fort  McNair,  Washington,  DC 
Sponsored  by  the  National 
Defense  University  and  The  Army 
CIO  Strategic  &  Advanced 
Computer  Center 
extranet.ndu.edu/keg/register.htm 


OCT 

6-7 


WebSec  '98:  The  Conference 
on  Web,  Internet  and  Intranet 
Security 

San  Francisco,  CA 
call  508.879.7999 
www.misti.com 
WebSec  '98  offers  up-to-date 
solutions  for  ensuring  informa¬ 
tion  integrity,  privacy  and  securi¬ 
ty  on  the  'Net.  The  conference 
expo  will  be  August  18  and  19. 


OCT 

7-8 


OCT 

18-21 


InfowarCon  '98:  The  8th  Annual 
Conference  on  Information 
Assurance  and  Information 
Operations  for  the  Enterprise 
and  the  Infrastructure 
Produced  by  Winn  Schwartau 
and  MIS  Training  Institute 
Washington,  DC 
call  509.879.7999 
www.  misti  .com/regform .  htm  I 
Email:  mis@misti.com 
This  conference  zeros  in  on  mili¬ 
tary  operations,  infrastructure 
protection,  and  the  growing 
threat  of  high-tech  terrorism  and 
espionage  in  today's  information- 
dependent  world. 

Achieving  Information 

Dominance  &  Assurance 

Sponsored  by  AFCEA  Fort 

Monmouth  Chapter 

Long  Branch,  NJ 

call  Diane  Carnes  732.758.9009 


OCT 

20-22 


OCT 

28-29 


Information  Systems  Security 
Exposition  (ISSE) 

Exposition  sponsored  by  AFCEA 
International 

Conference  sponsored  by  the 
National  Institute  of  Standards 
and  Technology  and  National 
Computer  Security  Center 
Crystal  City,  VA 

call  J.  Spargo  &  Associates,  Inc., 
703.631.6200 

Command,  Control, 
Communications  and 
Intelligence  Systems 
Technology  (CSIST) 

Sponsored  by  the  AFCEA 
Southern  Arizona  Chapter 
Fort  Huachuca,  AZ 
call  Bill  Reich  520.378.2045 


Milcom  '98  (Unclassified  and 
Secret  Sessions) 

Sponsored  by  the  institute  of 
Electrical  and  Electronics 
Engineers  Communications 
Society,  Raytheon  Company  and 
AFCEA  International 
Bedford,  MA 
call  Dr.  Fred  Unkauf 
508.490.1126 


Infotech  '98  Conference  and 
Exposition 

Sponsored  by  the  AFCEA  Dayton- 
Wright  Chapter 
Dayton,  OH 

call  J.  Spargo  &  Associates,  Inc. 
703.631.6250 


Fall  Intelligence  Symposium 
(Top  Secret  SI/TK) 

Sponsored  by  AFCEA 
International 
Washington,  D.C. 
call  AFCEA  Intelligence 
Department  703.631 .6250 
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The  latest  IATAC  Information 
Assurance  (IA)  Tools  report, 
Vulnerability  Analysis  is  now 
available.  This  report 


provides  an  index  of  vulnerabil¬ 
ity  analysis  tool  descriptions 
contained  in  the  IATAC  IA  Tools 
Database,  one  of  IATACs 
knowledge  bases.  It  summa¬ 
rizes  pertinent  information, 
providing  users  with  a  brief 
description  of  available  tools 
and  contact  information.  As 
a  living  document,  this 
report  will  be  updated  peri¬ 
odically  as  additional 
information  is  entered 
into  the  database. 

Currently  the  IA  Tools 
database  contains 

descriptions  of  35  tools 
that  can  be  used  to  sup¬ 
port  vulnerability  and 
risk  assessment.  The 
information  type  and 
level  of  detail  provided 


among  tools  varies  greatly. 
Although  some  can  identify 
only  a  minimal  set  of  vulnera¬ 
bilities,  others  can  perform  a 
greater  degree  of  analysis  and 
provide  detailed  recommended 
countermeasures  The  database 
includes  commercial  products, 
individually  developed  tools, 
government-owned  tools,  and 
research  tools.  The  database  was 
built  by  gathering  as  much 
open-source  data,  analyzing  that 
data,  and  summarizing  informa¬ 
tion  regarding  the  basic  descrip¬ 
tion,  requirements,  availability 
and  contact  information  for 
each  vulnerability  analysis  tool 
collected.  For  instructions  on 
obtaining  this  report,  refer  to 
IATAC  Product  Order  Form. 


New  Hoi  dim 


Report  on  the  NS/EP  Implications  of 
Intrusion  Detection  Technology 
Research  and  Development 

Originator:  National  Security 
Telecommunications  Advisory 
Committee  (NSTAC)  Network  Group, 
Intrusion  Detection  Subgroup, 
December  1997 


Insertion,  Evasion,  and  Denial  of 
Service:  Eluding  Network  Intrusion 
Detection 

Originator:  Thomas  H.  Ptacek  and 
Timothy  N.  Newsham,  Secure 
Networks,  Inc.,  January  1998 


Conference  Proceedings,  The  Tenth 
Annual  Software  Technology 
Conference,  "Knowledge  Sharing  — 
Global  Information  Networks" 

Originator:  Utah  State  University, 
April  19-23,  1998 


White  Paper,  The  Clinton 
Administration's  Policy  on  Critical 
Infrastructure  Protection: 
Presidential  Decision  Directive  63 


Originator:  THE  WHITE  HOUSE, 
May  22,  1998 


White  Paper  -  Intrusion  Detection 
Methodologies 

Source:  Robert  A.  Clyde,  AXENT 
Technologies,  Inc. 
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IMPORTANT  NOTE:  All  IATAC  Products  are  distributed  through  the  Defense  Technical  Information 
Center  (DTIC).  If  you  are  NOT  a  registered  DTIC  user,  you  must  do  so  PRIOR  to  ordering  any  IATAC 
products .  To  register  with  DTIC  go  to  http:IIwww.dtic.milldticlregprocess.htmL 

Name _ _ _ 

Organization _ Ofc.  Symbol _ 


Address. 


Phone 

E-mail 

Fax 


DoD  Organization?  G  YES  G  NO  If  NO,  complete  LIMITED  DISTRIBUTION  section  below. 


LIMITED  DISTRIBUTION 


QTY. 


PRICE  EA.  EXTD.  PRICE 


In  order  for  NON-DoD  organizations  to  obtain  LIMITED  DISTRIBUTION  products,  a  formal  written  request  must  be  sent  to 
IAC  Program  Office,  ATTN:  Sherry  Davis,  8725  John  Kingman  Road,  Suite  0944,  Ft.  Belvoir,  VA  22060-621 8 


Contract  No. _ 

For  contractors  to  obtain  reports,  request  must  support  a  program  &  be  verified  with  COTR 

COTR _ Phone _ 


□  Modeling  &  Simulation  Technical  Report 

No  Cost 

G  IA  Tools  Report  —  Intrusion  Detection 

No  Cost 

G  IA  Tools  Report  —  Vulnerability  Analysis 

No  Cost 

□  Malicious  Code  Detection  SOAR  □  TOP  SECRET  □  SECRET 

No  Cost 

Security  POC _  Security  Phone 


UNLIMITED  DISTRIBUTION 

QTY. 

PRICE  EA. 

EXTD.  PRICE 

□  Newsletters  (Limited  number  of  back  issues  available) 

□  Vol.  1,  No.  1  □  Vol.  1  No.  2  □  Vol.  1  No.  3 

□  Vol.  2,  No.  1 

No  Cost 

ORDER  TOTAL 

Please  list  the  Government  Program(s)/Project(s)  that  the  product(s)  will  be  used  to  support:. 


Once  completed,  Fax  to  IATAC  at  703.902.3425 
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Copy  this  page,  complete  the  form  and  fax  to  IATAC  at  703-902-3425 

□  Change  □  Add  □  Delete 

Name _  Title _ 

Company/Org. _ : _ 

Address _ 


City/State _  Zip_ 

Phone _  Fax 


DSN 


E-mail 


Organization  (check  one): 

□  USA  □  USN  O  USAF  □  USMC  □  OSD  □  Contractor 


Information  Assurance 
Technology  Analysis  Center 
8283  Greensboro  Drive,  Allen  663 
McLean,  VA  22102-3838 


